From: Nik Okuntseff Date: Sat, 24 Mar 2018 11:22:56 +0000 (+0000) Subject: Added some protection from bot registrations. X-Git-Tag: timetracker_1.19-1~957 X-Git-Url: http://wagnertech.de/git?a=commitdiff_plain;h=2ffa361a7610cbd1334754da314e4783226df689;p=timetracker.git Added some protection from bot registrations. --- diff --git a/WEB-INF/lib/ttRegistrator.class.php b/WEB-INF/lib/ttRegistrator.class.php index 7082e6bc..3c424f48 100644 --- a/WEB-INF/lib/ttRegistrator.class.php +++ b/WEB-INF/lib/ttRegistrator.class.php @@ -85,6 +85,12 @@ class ttRegistrator { global $i18n; + // Protection fom too many recent bot registrations from user IP. + if ($this->registeredRecently()) { + $this->err->add($i18n->get('error.access_denied')); + return false; + } + import('ttUserHelper'); if (ttUserHelper::getUserByLogin($this->login)) { // User login already exists. @@ -185,4 +191,22 @@ class ttRegistrator { return true; } + + // registeredRecently determines if we already have a successful recent registration from user IP. + // "recent" means "within the last minute" and is set in a query by the following condition: + // "and created > now() - interval 1 minute". Change if necessary. + function registeredRecently() { + $mdb2 = getConnection(); + + $ip_part = ' created_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']); + $sql = 'select created from tt_teams where '.$ip_part.' and created > now() - interval 1 minute'; + $res = $mdb2->query($sql); + if (is_a($res, 'PEAR_Error')) + return false; + $val = $res->fetchRow(); + if ($val) + return true; + + return false; + } } diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl index 223a757c..4beb8955 100644 --- a/WEB-INF/templates/footer.tpl +++ b/WEB-INF/templates/footer.tpl @@ -12,7 +12,7 @@
-
 Anuko Time Tracker 1.17.68.4151 | Copyright © Anuko | +  Anuko Time Tracker 1.17.69.4152 | Copyright © Anuko | {$i18n.footer.credits} | {$i18n.footer.license} | {$i18n.footer.improve}